CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51596 – WordPress Business plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51596
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS.This issue affects Business: from n/a through 1.3. The Business plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/business/wordpress-business-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51599 – WordPress Simple Business Manager plugin <= 4.6.7.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51599
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS.This issue affects Simple Business Manager: from n/a through 4.6.7.4. The Simple Business Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/simple-business-manager/wordpress-simple-business-manager-plugin-4-6-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37505 – WordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2024-37505
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9. The Business One Page theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the business_one_page_update_admin_notice() function in versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notices. • https://patchstack.com/database/vulnerability/business-one-page/wordpress-business-one-page-theme-1-2-9-broken-access-control-on-notice-dismissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37937 – Rara Business <= 1.2.5 - Cross-Site Request Forgery to Notice Dismissal
https://notcve.org/view.php?id=CVE-2024-37937
The Rara Business theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the rara_business_update_admin_notice() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Vulnerabilidad de Cross-Site Request Forgery en múltiples impresoras y escáneres que implementan administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. permite que un atacante remoto no autenticado realice operaciones no deseadas en el producto afectado. En cuanto a los detalles de los nombres de productos, números de modelo y versiones afectados, consulte la información proporcionada por los respectivos proveedores que figuran en [Referencias]. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html • CWE-352: Cross-Site Request Forgery (CSRF) •